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Amendments to the Claims 

1. (original) A system for analyzing network traffic to use in performing network 
and security assessments by listening on a subject network, interpreting events, and 

5 taking action, comprising: 

a policy specification file; 

a network monitor processor for processing network packet data collected 
from said subject network; and 

a policy monitoring component for receiving and processing said policy 
10 specification file, and receiving and processing said processed network packet data 
to assign dispositions to network events contained in said network packet data. 

2. (original) The system of Claim 1 r said policy monitoring component further 
comprising: 

1 5 a parser for parsing said policy specification file; 

a policy engine for synthesizing said parsed policy specification file and said 
processed network packet data, and for performing said assign dispositions and 
level of severity to said network events contained in said network packet data; and 
a logger for logging and storing into an events database said synthesized 
20 information by said policy engine according to a logging policy file. 

3. (original) The system of Claim 2, further comprising: 

a query mechanism for mining said stored data in said events database. 

25 4. (original) The system of Claim 2, further comprising: 

an alarm script component for generating alarms based on said level of 
severity of said network events. 

5. (original) The system of Claim 2, further comprising means for said policy 
30 engine: 

interpreting each protocol event; and 

consulting said policy specification file as each protocol event is interpreted to 
ensure that an earliest determination of said disposition Is reached. 

35 6. (original) The system of Claim 1, wherein said collected network packet data 
is captured in a file or is streams-based. 

7. (original) The system of Claim 1, further comprising: 

9 
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a secure Web server comprising a Web sen/er component and a report 
database for displaying reports online, said reports generated by said events 
database using a report script. 

5 8. (original) The system of Claim 1 , further comprising: 

a parser for generating an English description policy representation from said 
policy specification file. 

9. (original) The system of Claim 1, wherein said network monitor processor is 
10 used in standalone mode. 

10. (original) The system of Claim 1, wherein said network monitor processor 
and said policy monitoring component run on a same machine. 

15 11. (original) The system of Claim 1 , further comprising: 

a policy generator for generating said policy specification file. 

12. (original) The system of Claim 1, wherein said received network packet data 
is encoded. 

20 

13. (original) A method for analyzing network traffic to use in performing network 
and security assessments by listening on a subject network, interpreting events, and 
taking action, said method comprising: 

providing a policy specification file; 
25 providing a network monitor processor for processing network packet data 

collected from said subject network; and 

providing a policy monitoring component for receiving and processing said 
policy specification file, and receiving and processing said processed network packet 
data to assign dispositions to network events contained in said network packet data, 

30 

14. (original) The method of Claim 13, said provided policy monitoring 
component further comprising: 

providing a parser for parsing said policy specification file; 

providing a policy engine for synthesizing said parsed policy specification file 
35 and said processed network packet data, and for performing said assign dispositions 
and level of severity to said network events contained in said network packet data; 
and 



10 
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providing a logger for logging and storing into an events database said 
synthesized information by said policy engine according to a logging policy file. 

15. (original) The method of Claim 14, further comprising: 

5 providing a query mechanism for mining said stored data in said events 

database. 

16. (original) The method of Claim 14, further comprising: 

providing an alarm script component for generating alarms based on said 
1 0 level of severity of said network events. 

17. (original) The method of Claim 14, further comprising said policy engine: 

interpreting each protocol event; and 

consulting said policy specification file as each protocol event is interpreted to 
1 5 ensure that an earliest determination of said disposition is reached. 

18. (original) The method of Claim 13, wherein said collected network packet 
data is captured in a file or is streams-based. 

20 19. (original) The method of Claim 13, further comprising: 

providing a secure Web server comprising a Web server component and a 
report database for displaying reports online, said reports generated by said events 
database using a report script. 

25 20. (original) The method of Claim 13, further comprising: 

providing a parser for generating an English description policy representation 
from said policy specification file. 

21. (original) The method of Claim 13, wherein said network monitor processor is 
30 used in standalone mode. 

22. (original) The method of Claim 13, wherein sard network monitor processor 
and said policy monitoring component run on a same machine. 

35 23. (original) The method of Claim 13, further comprising: 

providing a policy generator for generating said policy specification file. 
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24. (original) The method of Claim 13 r wherein said received network packet 
data is encoded. 

25. (currently amended) A method for i ntcrativ el y iteratively developing 
5 network security policy for a network, comprising; 

creating an initial network security policy file; 

ensuring said initial network security policy file is uploaded to a machine on 
said network; 

running a network monitor on said network machine to collect said network 

10 traffic; 

said network monitor outputting said collected network traffic in an output file, 
and passing said output file to a policy monitor; 

said policy monitor analyzing said collected network traffic; 

storing said analyzed network traffic in a database; 
15 examining said analyzed network traffic in said database by querying said 

database using a query tool; and 

modifying said initial network security policy file as needed : and 

repeating from said ensuring network security policy file is uploaded through 
said modifying said network security policy file until a comprehensive and desired 
20 policy file is attained. 

26. (original) The method of Claim 25, wherein said network machine is remote, 
and further* comprising uploading said modified network security policy file to said 
remote network machine as needed. 

25 

27. (original) The method of Claim 25, further comprising: 

monitoring network traffic by using said attained comprehensive and desired 
policy file. 

30 28. (original) The method of Claim 27, wherein monitoring network traffic is on a 
continuous basis. 

29. (original) The method of Claim 25, further comprising: 

generating reports from said database, and using said generated reports as 
35 input for further policy refinement and/or using said generated reports for 
continuously monitoring network traffic. 

30. (original) The method of Claim 29, further comprising: 

12 
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encrypting said reports, and sending said encrypted reports to a remote 
secure Web server. 

31 . (original) The method of Claim 30, further comprising: 

5 accessing said reports on said remote server in a user-friendly manner. 

32. (original) The method of Claim 25, wherein creating an initial network security 
policy file, and modifying said network security policy file as needed use a policy 
generator tool . 

10 

33. (currently amended) A system for int orative i y iteractivelv developing 
network security policy for a network, said system comprising: 

means for creating an initial network security policy file; 

means for ensuring said initial network security policy file is upioaded to a 
15 machine on said network; 

means for running a network monitor on said machine to collect said network 

traffic; 

means for said network monitor outputting said collected network traffic in an 
output file, and passing said output file to a policy monitor; 
20 means for said policy monitor analyzing said collected network traffic; 

means for storing said analyzed network traffic in a database; 

means for examining said analyzed network traffic in said database by 
querying said database using a query tool; a«4 

means for modifying said initial network security policy file as needed : and 
25 means for repeating from said means for ensuring network security policy file 

is uploaded through said means for modifying said network security policy file until a 
comprehensive and desired policy file is attained. 

34. (original) The system of Claim 33, wherein said network machine is remote, 
30 and further comprising means for uploading said modified network security policy file 

to said remote network machine as needed. 

35. (original) The system of Claim 33, further comprising: 

means for monitoring network traffic by using said attained comprehensive 
35 and desired policy file. 

36. (original) The system of Claim 35, wherein monitoring network traffic is on a 
continuous basis. 
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37. (original) The system of Claim 33, further comprising: 

means for generating reports from said database, and using said generated 
reports as input for further policy refinement and/or using said generated reports for 
5 continuously monitoring network traffic. 

38. (original) The system of Claim 37, further comprising: 

means for encrypting said reports, and sending said encrypted reports to a 
remote secure Web server. 

10 

39. (original) The system of Claim 38, further comprising: 

means for accessing said reports on said remote server in a user-friendly 
manner. 

15 40. (original) The system of Claim 33, wherein means for creating an initial 
network security policy file, and modifying said network security policy file as needed 
uses a policy generator tool. 
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